8 Formal Specification
How to specify whether a given system behaves correctly?
First we have to specify properties of single states: state properties.
Example:
  error(s): state s is an error state
  zero(s): state s represents zero
Now we can extend this to one behavior of the system:
A path in a transition system (S, I, R) is an infinite sequence of states s_0 s_1 s_2 ... s.t. s_0 ∈ I and, for all i ∈ {0, 1, ...}, (s_i, s_{i+1}) ∈ R.
How to specify whether a given path shows correct/incorrect behavior?
Stefan Ratschan (FIT ČVUT) PI-PSC / 19

9 Properties on Paths π
(π^k denotes the suffix of π starting at position k, so π^0 = π.)
State property g holds on the first element of the path:
  π ⊨ g : g(π(0))
State property g holds on the next element of the path:
  π ⊨ Xg : π^1 ⊨ g
Train eventually reaches full speed:
  π ⊨ Fg : there is k ≥ 0 s.t. π^k ⊨ g   (F: "in the future")
Number of motor rotations always stays in the safe area:
  π ⊨ Gg : for all k ≥ 0, π^k ⊨ g   (G: "globally")
The train eventually stops and until then the doors remain closed:
  π ⊨ gUh : there is i such that π^i ⊨ h and for all j < i, π^j ⊨ g   (U: "until")
As long as the plane does not reach full height the fasten seat belts sign is on:
  π ⊨ gRh : for all j ≥ 0, if for all i < j, not π^i ⊨ g, then π^j ⊨ h   (R: "release")

10 Combining Operators
If the elevator is called, it will eventually show up: (g → Fh)
The train will never move with open doors: G ¬(g ∧ h)
So: Boolean combinations (¬, ∧, ∨) and combinations of temporal operators. For example:
  FGg: eventually property g will hold forever.
  GFg: always eventually g will hold.
Result: Linear Temporal Logic (LTL)
Syntax:
  every state property is an LTL formula;
  if g and h are LTL formulas then Xg, gUh, gRh, Fg, Gg, ¬g, g ∧ h, g ∨ h are LTL formulas.
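As an added example (not from the slides), the following Python code evaluates the slide-9 semantics of X, F, G, U and R on an ultimately periodic ("lasso") path and checks the slide-9/10 train specifications on it; the train states, the label names and the tuple encoding of formulas are assumptions of the example, not the lecture's notation.

```python
# Added example, not from the lecture slides. A state is a constructed set of
# labels; a state property g holds in state s iff g in s. Formulas are nested
# tuples such as ("U", "closed", "stopped") for closed U stopped.
def state_at(prefix, loop, k):
    """pi(k): state at position k of the infinite path prefix.loop.loop..."""
    return prefix[k] if k < len(prefix) else loop[(k - len(prefix)) % len(loop)]

def holds(f, prefix, loop, k=0):
    """pi^k |= f, with pi^k the suffix of the path starting at position k.
    Suffixes pi^(k+i) for i >= n = len(prefix)+len(loop) repeat earlier ones,
    so quantifying i over range(n) is exhaustive on a lasso path."""
    n = len(prefix) + len(loop)
    at = lambda g, i: holds(g, prefix, loop, k + i)  # pi^(k+i) |= g
    if isinstance(f, str):                            # state property: g(pi(k))
        return f in state_at(prefix, loop, k)
    op, args = f[0], f[1:]
    if op == "not":
        return not at(args[0], 0)
    if op == "and":
        return at(args[0], 0) and at(args[1], 0)
    if op == "X":                     # next: pi^(k+1) |= g
        return at(args[0], 1)
    if op == "F":                     # there is i >= 0 s.t. pi^(k+i) |= g
        return any(at(args[0], i) for i in range(n))
    if op == "G":                     # for all i >= 0, pi^(k+i) |= g
        return all(at(args[0], i) for i in range(n))
    g, h = args
    if op == "U":                     # h at some i and g at every j < i
        return any(at(h, i) and all(at(g, j) for j in range(i)) for i in range(n))
    if op == "R":                     # h at every j unless g held at some i < j
        return all(at(h, j) or any(at(g, i) for i in range(j)) for j in range(n))
    raise ValueError(f"unknown operator {op}")

# Constructed run of a train: two steps moving with closed doors, then it
# stops and the doors alternate closed/open forever (the loop part).
PREFIX = [{"moving", "closed"}, {"moving", "closed"}]
LOOP = [{"stopped", "closed"}, {"stopped", "open"}]

def train_examples(prefix=PREFIX, loop=LOOP):
    """The slide 9/10 specifications checked on the constructed path."""
    return {
        "closed U stopped": holds(("U", "closed", "stopped"), prefix, loop),
        "G not(moving and open)": holds(("G", ("not", ("and", "moving", "open"))), prefix, loop),
        "FG stopped": holds(("F", ("G", "stopped")), prefix, loop),
        "GF open": holds(("G", ("F", "open")), prefix, loop),
        "stopped R closed": holds(("R", "stopped", "closed"), prefix, loop),
        "G closed": holds(("G", "closed"), prefix, loop),
    }
```

Note that the release check passes because the doors stay closed up to and including the position where the train first stops; if the loop were a single state {"open"} with an empty prefix, stopped R closed would be false.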

14 Full LTL? Unbounded Case?
Full LTL [Biere et al., 2003]: for every LTL formula φ and for all n, ⊨ φ implies BMC(φ, n).
Opposite direction?
Observation: ⊨ Gs iff BMC(Gs, |S|).
If the system does not fulfill Gs then it has an error path of length at most |S|.
Theorem: for every finite transition system and every LTL formula φ there is a bound n s.t. for all n' ≥ n, BMC(φ, n') iff ⊨ φ.
But: the bound may be huge!

15 Unbounded Model Checking
Needed if we want to prove correctness over unbounded time, or if we search for a bug that only shows up after a long time.
Reach set computation:
  let R be the set of initial states
  add the states reachable from R until no new reachable states appear
If for all x ∈ R, ok(x), then ⊨ G ok.
For full LTL (and other temporal logics), more complicated [Clarke et al., 1999].
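As an added example (not from the slides), the following Python code implements the reach-set fixpoint of slide 15 and the bounded counterexample search behind the slide-14 observation on a small finite transition system (S, I, R); the system, the property ok and the reading of BMC(G ok, n) as "no error path of at most n steps exists" are assumptions of the example.

```python
# Added example, not from the lecture slides: reach-set computation (slide 15)
# and a bounded search for error paths (slide 14) on a constructed finite
# transition system. BMC(G ok, n) is read as "no error path of <= n steps".
from collections import deque

def reach_set(S, I, R):
    """Slide 15: start from the initial states I and add R-successors until
    no new state appears (a least fixpoint over the finite set S)."""
    reached, frontier = set(I), set(I)
    while frontier:
        new = {t for (s, t) in R if s in frontier and t not in reached}
        reached |= new
        frontier = new
    return reached

def holds_globally(S, I, R, ok):
    """|= G ok  iff  ok(x) holds for every x in the reach set."""
    return all(ok(x) for x in reach_set(S, I, R))

def bmc_error_path(S, I, R, ok, n):
    """Counterexample to G ok with at most n steps: a path s_0 ... s_k, k <= n,
    s_0 in I, (s_i, s_{i+1}) in R, not ok(s_k). Returns the shortest such path
    (BFS) or None. A shortest error path never repeats a state, so it has at
    most |S| states: that is why BMC(G ok, |S|) agrees with the unbounded check."""
    queue = deque([s] for s in I)
    seen = set(I)
    while queue:
        path = queue.popleft()
        if not ok(path[-1]):
            return path
        if len(path) - 1 >= n:          # bound reached, do not extend further
            continue
        for (s, t) in R:
            if s == path[-1] and t not in seen:
                seen.add(t)
                queue.append(path + [t])
    return None

# Constructed system: a counter 0..4 that may idle in 0 and reaches the bad
# state 4 only after four steps; ok(x) says "x is not the bad state".
S = {0, 1, 2, 3, 4}
I = {0}
R = {(0, 0), (0, 1), (1, 2), (2, 3), (3, 4), (4, 4)}
ok = lambda x: x != 4

def demo():
    # (unbounded verdict, BMC with a too-small bound, BMC with bound |S|)
    return (holds_globally(S, I, R, ok),
            bmc_error_path(S, I, R, ok, 2),
            bmc_error_path(S, I, R, ok, len(S)))
```

With bound 2 the bug is missed, with bound |S| the error path 0,1,2,3,4 is found, matching the unbounded reach-set verdict.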
